2.0.3 Image Testing
-
Hi
just a question; isn't the patch allready out till 16 days?
http://svnweb.freebsd.org/base/stable/8/crypto/openssl/NEWS?view=markup
Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y: Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
or am i wrong ?
best regards
max
-
The rate binary is built the same on both branches. If the binary changes require changes to the GUI then they'll need to be done on RELENG_2_0 as well, hence needing a bug report on redmine.pfsense.org.
The rate binary change has resulted in quite a few comments from 2.1 users. There is quite a bit of code change to give filtering etc options to the bandwidth-by-ip table of traffic graphs in 2.1 to give flexibility to select what to display. I doubt that all that stuff wants to be back-ported to 2.0.3. And in any case, Ermal mentioned something about working some more on the rate source code to get the "In" and "Out" conventions on the display better. So I think it is not complete in 2.1 right now.
If possible, IMHO the previous rate binary should be supplied in 2.0.3.
(I don't understand how/why the pfsense-tools bit of the build doesn't build 2.0.3 from the appropriate branch of pfsense-tools repo, and I see that the 2.0 branch of pfsense-tools has not been added to for ages.)Extra edit: or maybe Ermal can knock up a version of rate that puts back the old output behaviour as a command line option - then the one rate utility compile will do for the "old" 2.0 branch and the "new" 2.1 branch.
-
The tools repo does not have branches. If two separate versions of rate need to exist, they would need to have separate pfPorts.
Debating all this in this thread really doesn't help anything. It belongs in a ticket now since it's a confirmed issue.
-
Yesterday i had to hard reset a 2.0.3 VM in a school.
situation:
Multi-wan / Multi-Vlan network where pfsense manages NAT + inter-vlan routing + captive portal with AD auth.Yesterdays problem:
-Inter-vlan routing was lagging extremely (50% packet loss when pinging to different vlan-subnet)
-ping to internet: 100% packet lossĀ
-Webgui barely responding (it took minutes before it loaded, most of the times it timed out)
-unable to initiate ssh connect, time out.
-I was able to login to the esxi and open the vm-console of the pfsense.
No obvious errors on the console screen were shown.
TOP showed a process hogging 100% cpu (check_reload_status)Steps taken to resolve the issue:
-restart webconfigurator (option 11). This printed "restarting webconfigurator" and stalled. ctrl+c to return to menu
-kill -9 the PID of check_reload_status.
-TOP shows cpu almost idle
-restart webconfigurator (option 11). This printed "restarting webconfigurator" and stalled. ctrl+c to return to menu
-tried 'reboot' from console. It probably attempted to reboot but after 5 minutes it still didn't.
-Did a "hard" reset on the VM with the vsphere-client.
-Pfsense booted without any issues. No obvious issues found in the logs.I know it will be impossible to reproduce, also impossible to find a cause.
I figured i'd better report this in case this happens in the future or if other have had a similar problem.kind regards
jeroen
-
Hi everyone,
I upgrade to 2.0.3 pre Release because the captive portal issues on 2.0.2
It works fine for me but i see something strange on Traffic Graph.
The traffic graph showing outside IP Addresses on Lan Interface like is talking on this thread http://forum.pfsense.org/index.php/topic,59714.30.html
Is it already a fix or it will be fix on a 2.0.3 Final ?
Thanks.
Best regards.
MykeErmal has fixed this - see redmine ticket http://redmine.pfsense.org/issues/2909 - and it is back to the local IP display behaviour in the March 26 2.0.3 builds.
Read the banter in the ticket for "education" about what in and out means on the graph and table. If people have thoughts about that, then start a new thread. -
Hi everyone,
I upgrade to 2.0.3 pre Release because the captive portal issues on 2.0.2
It works fine for me but i see something strange on Traffic Graph.
The traffic graph showing outside IP Addresses on Lan Interface like is talking on this thread http://forum.pfsense.org/index.php/topic,59714.30.html
Is it already a fix or it will be fix on a 2.0.3 Final ?
Thanks.
Best regards.
MykeErmal has fixed this - see redmine ticket http://redmine.pfsense.org/issues/2909 - and it is back to the local IP display behaviour in the March 26 2.0.3 builds.
Read the banter in the ticket for "education" about what in and out means on the graph and table. If people have thoughts about that, then start a new thread.Thanks.
-
i've had the same thing happening again yesterday!! (twice this week)
I did notice however that the Tier1 wan has been failing alot this week.
Also noticed an error about "wan1_gateway" not being available. That gateway however has been renamed week ago.
After checking i found a couple of policy rules that still relied on the old gateway-name and after updating them the error in logs disappeared.I hope the issue is resolved,but i'm almost certain it isn't and i have no clue why this is happening.
the system was running fine for over a month, not much has changed and now the VM is acting odd.kind regards
jeroen
Yesterday i had to hard reset a 2.0.3 VM in a school.
situation:
Multi-wan / Multi-Vlan network where pfsense manages NAT + inter-vlan routing + captive portal with AD auth.Yesterdays problem:
-Inter-vlan routing was lagging extremely (50% packet loss when pinging to different vlan-subnet)
-ping to internet: 100% packet lossĀ
-Webgui barely responding (it took minutes before it loaded, most of the times it timed out)
-unable to initiate ssh connect, time out.
-I was able to login to the esxi and open the vm-console of the pfsense.
No obvious errors on the console screen were shown.
TOP showed a process hogging 100% cpu (check_reload_status)Steps taken to resolve the issue:
-restart webconfigurator (option 11). This printed "restarting webconfigurator" and stalled. ctrl+c to return to menu
-kill -9 the PID of check_reload_status.
-TOP shows cpu almost idle
-restart webconfigurator (option 11). This printed "restarting webconfigurator" and stalled. ctrl+c to return to menu
-tried 'reboot' from console. It probably attempted to reboot but after 5 minutes it still didn't.
-Did a "hard" reset on the VM with the vsphere-client.
-Pfsense booted without any issues. No obvious issues found in the logs.I know it will be impossible to reproduce, also impossible to find a cause.
I figured i'd better report this in case this happens in the future or if other have had a similar problem.kind regards
jeroen
-
If you have that many rules that it's easy to overlook something then I recommend opening the config.xml file in a text editor and searching it. A couple of times I have managed to create something in the config that no longer shows in the gui at all but was still causing errors.
Steve
-
Guys having the traffic graph problem, of showing outside lan and wan ip's!
2.0.3-PRERELEASE (i386)
built on Wed Mar 20 08:08:55 EDT 2013
FreeBSD 8.1-RELEASE-p13Any fixes would be really helpful!?
-
Guys having the traffic graph problem, of showing outside lan and wan ip's!
2.0.3-PRERELEASE (i386)
built on Wed Mar 20 08:08:55 EDT 2013
FreeBSD 8.1-RELEASE-p13Any fixes would be really helpful!?
update to the latest build. it should be fixed in builds starting the 26th of this month and onwards
-
Guys having the traffic graph problem, of showing outside lan and wan ip's!
2.0.3-PRERELEASE (i386)
built on Wed Mar 20 08:08:55 EDT 2013
FreeBSD 8.1-RELEASE-p13Any fixes would be really helpful!?
update to the latest build. it should be fixed in builds starting the 26th of this month and onwards
Thanks guys updated to 28th snapshot. Everything seems to be fine!
Thank you! -
OpenSSL Security Advisory has been posted: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:03.openssl.asc
-
@ingenieurmt:
OpenSSL Security Advisory has been posted: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:03.openssl.asc
https://github.com/pfsense/pfsense/commit/c5df941eca0837af5ac6828526b926e191bc882f
Probably it just needs some time to build the new images.
-
Cross-reference to this post: http://forum.pfsense.org/index.php/topic,60760.0.html
2.0.3-RELEASE build has been done, but is not ready for people to install live just yet - hang on and wait for an official announcement, as there might be a bit of work to do getting the build of the OpenSSL patch sorted. -
Dear Friends,
i couldn't download 2.0.3 from http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/amd64/pfSense_RELENG_2_0/?C=M;O=DĀ and said you don't have permission to access this link (403 forbidden)please help
-
http://forum.pfsense.org/index.php/topic,60760.msg327216.html#new
-
CMB has denied access to the snapshot server since its building the release images and incorporating the latest discoveries.
-
@ingenieurmt:
OpenSSL Security Advisory has been posted: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:03.openssl.asc
Yes, we're aware, but they didn't include patches for FreeBSD 8.1 (as we expected) so we made our own. The last set of images from yesterday were fully on OpenSSL 0.9.8y.
Access to the snapshots was taken down for now to avoid having people install a snapshot labeled "release" that may not actually be the release. We will post another URL shortly from which the release testing images may be downloaded.
The changes I had to make to properly fix OpenSSL may have other effects (good or bad) so testing is still important even at this stage.
-
Cant remove widescreen package from the latest snap-
Fatal error: Cannot redeclare flowtable_configure() (previously declared in /etc/inc/filter.inc:65) in /etc/inc/filter.inc on line 87
-
Cant remove widescreen package from the latest snap-
Fatal error: Cannot redeclare flowtable_configure() (previously declared in /etc/inc/filter.inc:65) in /etc/inc/filter.inc on line 87
That's a problem with the widescreen package, not 2.0.x (most likely it uses require when it should use require_once).
